Ruby Lee is improving cybersecurity with deep learning.
Lee, an electrical engineering professor, is widely known for pioneering work designing security into computer hardware. More recently, she and her students are improving security using deep learning — algorithms that can discover patterns in raw data. Among projects in this area, Lee’s research team has developed software that uses smartphone sensors to automatically recognize users’ characteristics. While passwords can be hacked, a deep understanding of an individual’s motion patterns is far more secure. Sensor-based authentication can be used together with traditional password, PIN, or biometric authentication for improved security and user convenience.
“Sensors found in every smartphone, like the accelerometer and the gyroscope, are sufficient to differentiate users with smart, machine-learning algorithms,” said Lee, the Forrest G. Hamrick Professor in Engineering. “We can quickly detect a thief or impostor who is trying to use your credentials to access your online bank account, for example.”
The smartphone protection is part of a wide-ranging effort by her team to address problems in computer security and computer architecture that have challenged users and designers for decades.
In April, two of Lee’s graduate students, Zecheng He and Guangyuan Hu, won the Siemens FutureMakers competition with a proposal to guard power grids against online attacks. Their protection relies on algorithms that look for deviations in the normal behavior of the controlling computer system. Unlike classic countermeasures that work by identifying malware, the new system does not require knowledge about an attacker. Therefore, it works well against so-called zero-day attacks, which exploit a previously unknown security vulnerability.
“Zero-day attacks against the power grid are extremely hard to detect in real time,” said Lee. “This is a huge unsolved problem.”
Another graduate student, Wei-Han Lee, won a Best Paper award for work with Professor Lee and colleagues at IBM Research for showing that smartphone sensors can infer a user’s handwriting patterns. The researchers demonstrated that the same sensors used to enhance security for user authentication can also be abused by an attacker to spy on the user’s handwriting.
“Your smartphone sensors give a lot of information about you, and should be protected,” Professor Lee said. “With advanced deep-learning techniques, we want to solve real and serious security problems in today’s computing environment of smartphones, internet-of-things devices, and cloud computing.”